Softpedia
 
HomepageWindowsGamesDriversMacLinuxScripts buttonMobileHandheldNews

NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
MEET THE EDITORS >>
Home > News > Security > Security Fixes and Improvements

September 8th, 2010, 20:28 GMT · By

Apple Addresses Flurry of Security Issues with iOS 4.1

SHARE:

Adjust text size:


iOS vulnerabilities patched in 4.1 update
Enlarge picture
Apple has released iOS 4.1, a major update to its iPhone and iPod touch firmware, which fixes numerous security vulnerabilities of critical impact.

There are a total of 24 security issues addressed in iOS 4.1, 19 of which can be exploited to execute arbitrary code on the target devices.

Most of the remote code execution flaws are located in the WebKit browser engine, but two affect the ImageIO component and can be attacked via maliciously crafted TIFF and GIF images.

Furthermore, two other bugs are located outside of WebKit and they affect the user interface and the FaceTime feature.

In addition to the arbitrary code execution flaws, some other types of bugs have also been fixed in WebKit.

This includes a clipboard hijacking bug, an information disclosure weakness and a flaw reported by a Google engineer that can lead to clickjacking-like attacks.

"If the keyboard focus changes during the processing of key presses, WebKit may deliver an event to the newly-focused frame, instead of the frame that had focus when the key press occurred.

"A maliciously crafted website may be able to manipulate a user into taking an unexpected action, such as initiating a purchase," Apple explains about the latter in its security advisory.

In addition to the large batch of security patches, iOS 4.1 also brings many other enhancements and new features.

However, the notorious iPhone jailbreakers from Dev-Team warn users against installing it, as it might break unlockers and other hacks.

"Today you’ll likely start seeing iTunes innocently offer you a new version of iOS…version 4.1. Don’t accept it…it’s a trap!" the team warns on its official blog.

"Please stay away from this 4.1 release until a safe jailbreak procedure (which also preserves ultrasn0w) is developed and released," they advise.

Jailbreaking is a controversial practice, which allows users to run code that hasn't been approved by Apple on their phones.

However, some security experts have repeatedly expressed concern that doing this significantly decreases the security of the devices and allows malware to run on them.

TELL US WHAT YOU THINK:

9,372 hits · 2 comments · Link to this article · Print article · Send to friend · Subscribe to news

MUST-READ RELATED ARTICLES:


Unofficial Patch for iOS PDF Exploit Keeps Devices Jailbroken
Source Code for JailbreakMe iOS Exploits Released
Apple Patches Critical iOS Vulnerabilities
Chained Exploits Used to Jailbreak iPhone

READER COMMENTS:


Comment #1 by: SpaceyJacey on 09 Sep 2010, 06:29 UTC reply to this comment

Shouldn't the title be "Apple Addresses Flurry of Security Issues WITH iOS 4.1"?

Comment #1.1 by: Lucian Constantin on 09 Sep 2010, 06:59 GMT

It really depends on how you read it. I meant that a flurry of security issues were addressed by Apple in iOS 4.1.

However, I updated the title and used "with" in order to avoid any confusion. Thanks for raising the issue.

Copyright © 2001-2012 Softpedia. Contact/Tip us at

WindowsGamesDriversMacLinuxScriptsMobileHandheldNews

SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   UPDATE YOUR SOFTWARE   |   ROMANIAN FORUM
© 2001 - 2012 Softpedia. All rights reserved.
Softpedia® and the Softpedia® logo are
registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use